FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
haljawhari
Staff
Staff
Description
Polling FortiGate from SolarWinds via SNMPv3 with AES256 encryption fails despite all configuration parameters being correct.
This sometimes can be caused by difference in the method used by each appliance to manipulate encryption key sizes.

This article describes How to fix SNMPv3 AES256 encryption not working with SolarWinds.


Solution
An additional encryption algorithm has been added (AES256Cisco) which is compatible with SolarWinds and Cisco.
It can be used instead of the standard AES256 algorithm when SolarWinds is the SNMP server.

Here is the configuration from FortiGate GUI (FortiOS 6.2.3).






The same configuration from the CLI is as follow:
# config system snmp user
    edit "SolarWinds-FGT"
        set notify-hosts 10.20.3.12
        set security-level auth-priv
        set auth-pwd ENC NUhjnzBY/abeBYqer/4y+las8O1EliYitxWyCR/+CecGJ7HmC6XF5sbF4YIHNKjWi0
        set priv-proto aes256cisco
        set priv-pwd ENC NUhjnzBY/abeBYqer/4y+las8O1EliYitxWyCR/+CecGJ7HmC6XF5sbF4YIHNKjWi0
    next
end

Contributors